The militarized hacking crew is using trojanized open-source apps and LinkedIn recruitment to bait tech industry employees, according to MSTIC, and the threat has been unrelenting. The threat team at Microsoft shared via a blog post that the group has been using PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer for these attacks since late April.
Who are they targeting?
The hacker group has targeted employees in multiple industries, including media, defense, and aerospace, in the US, UK, India, and Russia. The group is suspected to be behind the famous Sony breach in 2014. Known as Lazarus, the outfit is tracked by Microsoft as ZINC. In addition to MSTIC, Google Cloud’s Mandiant threat analysts observed the group spear-phishing targets in the tech and media sectors this past July, using fraudulent job offers as bait and WhatsApp to deliver a trojan.
How it’s done
In Microsoft’s blog post, the MSTIC team stated, “Microsoft researchers have observed spear-phishing as a primary tactic of ZINC actors, but they have also been observed using strategic website compromises and social engineering across social media to achieve their objectives.” The MSTIC team goes on to say, “ZINC targets employees of companies it’s attempting to infiltrate and seeks to coerce these individuals into installing seemingly benign programs or opening weaponized documents that contain malicious macros. Targeted attacks have also been carried out against security researchers over Twitter and LinkedIn.”

By creating fake accounts on LinkedIn, the hackers engaged in data theft, hacked crypto accounts and exchanges, and tore networks apart. For its part, LinkedIn’s Threat Defense team (LinkedIn is owned by Microsoft) deleted all the bogus accounts it found. Using messages tailored toward specific industries, the hacker group targeted tech support professionals and engineers working for media and IT companies located in the UK, India, and US. United States authorities put out a warning, alerting firms in Europe about what has been happening.

LinkedIn used to seem like a very safe, business-like social media platform for job hunting and networking, but in today’s world, where hacking is sold as a subscription service, there are few safe spaces on the internet, and we must be ever vigilant. Staying on top of the latest threats is a great first step; also make sure you are using one of the best anti-virus apps to keep yourself safe and secure online.

via: ZDNet